Sometimes It's Smart to Use Dumb Passwords

If we've learned one thing from this Yahoo hack, it's that even after countless blogger and security expert pleas for smarter choices, people continue to create amazingly obvious passwords, leading us to wonder if they might be doing it on purpose. And if so, bravo!

General Internet thinking says the best way to ensure online safety is to pick different "strong passwords" for all your Internet selves and then change them often. That, as this XKCD comic illustrates, is exhausting and often counterproductive.

For some things, we want crazy, hard-to-guess (and hard-to-remember) passwords. Like, for our online banking accounts, or our email, which can be used to reset so many of our other passwords. But just as people use flimsy locks for their luggage and big hulking deadbolts for their front door, not all passwords need to be the same strength. As The Atlantic's James Fallows taught us after a Gawker password leak compromised the security of his wife's Gmail account, the biggest security threat from these password dumps comes if you use the same password -- strong or weak -- for everything.

Not all passwords we use are meant to keep us safe. Often they're just to verify to a server who we are. When it first launched, the widely used reader app Instapaper didn't even use passwords: you just entered your email address and it would show you your list of saved articles. If you're checking out Lady Gaga's Little Monsters site, or you want to take Rebel Mouse for a spin, you might want to pick something quick and easy because you have no intention of using these sites very often, if ever again. The same tactic might apply if you just want something to get you past the New Yorker or Wall Street Journal paywalls, since getting through the gate doesn't lead to anything too personal. In these situations, that's a smarter move than using the same password you use for Gmail. Since passwords should differ, it makes sense that the bottom-of-the-totem-pole sites get weak, disposable passwords. Especially at places that have weak security, like Yahoo Voices, where some hacker group is bound to game the system anyway.

Some might call this defeatist, but we call it practical. The other way to ensure perfect security is to pick a lot of different 14-character-long codes. The bigger and more complicated the password, the harder to hack, obviously. But there is a point when passwords go from possible to practically impossible to game. For example, a 14-character password, even with all lowercase letters, would take a brute force hacker 2,046 millennia to crack, explains one hacker on his personal blog OneMansBlog. "Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries," he adds alongside a useful chart of how long it would take to hack certain types of passwords. So, you could give even your most mundane accounts, the ones you might log into only once, different long, complicated strings, adding more asterisks just in case. That would work. Of course, you shouldn't write down that impossible-to-remember code. And isn't a password forgotten like having no account at all?
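The arithmetic behind those figures, as an added example that is not from the article or the chart it cites: all three numbers match an exhaustive search at an assumed 1,000,000 guesses per second, with 26 symbols for lowercase and 95 for printable ASCII. The faster rates in the last loop are constructed values, not measurements, included to show how the estimate moves with attacker speed.

```python
# Added example: not code from the article or from the chart it cites.
SECONDS_PER_YEAR = 365 * 24 * 3600

LOWERCASE = 26        # a-z only
PRINTABLE_ASCII = 95  # upper, lower, digits, symbols and space

# ASSUMPTION: the article states no guess rate. 1,000,000 guesses/s is the
# rate at which plain alphabet**length reproduces its three figures.
ASSUMED_RATE = 1_000_000


def exhaustive_seconds(length, alphabet, guesses_per_second=ASSUMED_RATE):
    """Worst-case seconds to try every string of exactly `length` symbols."""
    return alphabet ** length / guesses_per_second


def humanize(seconds):
    """Format a duration in the units the article uses."""
    years = seconds / SECONDS_PER_YEAR
    if years >= 1000:
        return f"{years / 1000:,.0f} millennia"
    if years >= 100:
        return f"{years / 100:.1f} centuries"
    if years >= 1:
        return f"{years:.1f} years"
    if seconds >= 86400:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / 3600:.1f} hours"


def sensitivity(length, alphabet, rates):
    """Same keyspace, different attacker speeds."""
    return {r: humanize(exhaustive_seconds(length, alphabet, r)) for r in rates}


if __name__ == "__main__":
    for label, length, alphabet in [
        ("14 chars, lowercase", 14, LOWERCASE),
        ("8 chars, lowercase", 8, LOWERCASE),
        ("8 chars, printable ASCII", 8, PRINTABLE_ASCII),
    ]:
        print(f"{label:26} {humanize(exhaustive_seconds(length, alphabet))}")
    # Constructed rates (not measurements) to show how the estimate scales.
    for rate, eta in sensitivity(8, PRINTABLE_ASCII, [10**6, 10**9, 10**11]).items():
        print(f"8 chars, printable ASCII at {rate:.0e}/s: {eta}")
```

The estimate covers exhaustive search only; a password that appears in a leaked list or a dictionary falls long before the keyspace is exhausted, whatever its length.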
